The Zeus captures a screenshot of the Ceridian login page when a user infected with the Trojan visits the site. This image records the employee’s username, password, company number and the icon needed to bypass the firm’s image-based authentication system.

In a blog post, highlighting users to the scam, Trusteer said the financial losses associated with this type of attack are significant, as cybercriminals could use it to add fictitious employees to payroll systems and siphon off funds.

“[Also] using these valid credentials, fraudsters can also access personal, corporate and financial data without the need to hack into systems, while leaving very little evidence that malicious access is occurring.”

Speaking to IT Pro, Oren Kedem, director of product marketing at Trusteer, said the vendor’s findings should prompt payroll providers to review how they protect customer data.

“They should look at following the example of online banks and the login procedures they have in place. Payroll providers need a similar class of protection,” said Kadem.

“They require many layers of protection that covers them on the client and server side, as well as an additional form of authentication to reduce the risk of attack.”

“As organisations and consumers continue to move to the cloud, the attention of malware authors will be firmly focused on the growing number of cloud providers,” Malone told IT Pro.

“Security holes of this kind can affect multiple customers in one attack, which is why it is vital that businesses choose a technology partner who can provide expertise and guidance to protect [customer] goodwill and reputations," he added.